forked from Normation/rudder-tools
-
Notifications
You must be signed in to change notification settings - Fork 0
/
openssl-agent.cnf
25 lines (20 loc) · 998 Bytes
/
openssl-agent.cnf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
# mandatory for some openssl commands
[ req ]
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
# DOC: https://superuser.com/questions/738612/openssl-ca-keyusage-extension/1248085#1248085
# There is no real check on those features by openssl except basicConstraints
# We don't use critical not pathlen to avoid incompatibilities with future checks
# keyCertSign: certificate signature
# cRLSign: crl signature
# digitalSignature: file signature (not used for crl, may be used for DHE)
# dataEncipherment: file encryption (usualy no used, we cipher a temporary key instead)
# keyEncipherment: key exchange (for tls with RSA)
# keyAgreement: key exchange (for tls with DHE)
[ agent_cert ]
# subject = /CN=hostname/UID=uuid
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always
keyUsage = digitalSignature, dataEncipherment, keyEncipherment, keyAgreement
#extendedKeyUsage = clientAuth